User Authentication

Some questions about LDAP/AD integration.

Can a user have login that is not in LDAP/AD? Is it possible to have userids that are not in LDAP log into the application?

Can the application only allow logins by group permissions in LDAP/AD?